<html>
<head><meta charset="utf-8"><title>blog post about `MaybeUninit` · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html">blog post about `MaybeUninit`</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="164741387"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164741387" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164741387">(May 02 2019 at 20:13)</a>:</h4>
<p>Hey <span class="user-mention" data-user-id="120791">@RalfJ</span>! We were discussing <a href="https://github.com/rust-lang/rust/pull/60445" target="_blank" title="https://github.com/rust-lang/rust/pull/60445">https://github.com/rust-lang/rust/pull/60445</a> in the lang team meeting today, and we were thinking that it would be great if we had a good write-up about the deprecation of <code>mem::uninitialized</code>. Such a write-up would, I think, motivate the change, explain what is deprecated, and epxlain what people should do instead.  We thought you would be the perfect person to write it. Interested? :) </p>
<p>(cc <span class="user-mention" data-user-id="126931">@centril</span>  )</p>



<a name="164741400"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164741400" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164741400">(May 02 2019 at 20:13)</a>:</h4>
<p>Now that I write this, I am wondering if "blog post" is the right term</p>



<a name="164741407"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164741407" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164741407">(May 02 2019 at 20:13)</a>:</h4>
<p>Maybe it should be posted as a github issue and then 'cross-posted' to internals, for example</p>



<a name="164741421"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164741421" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164741421">(May 02 2019 at 20:13)</a>:</h4>
<p>(The idea is that the deprecation notice can also link to this)</p>



<a name="164741432"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164741432" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164741432">(May 02 2019 at 20:13)</a>:</h4>
<p>That is, we want to (a) notify folks in advance and then (b) have something to link them to</p>



<a name="164919277"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164919277" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164919277">(May 05 2019 at 13:22)</a>:</h4>
<p>Interested, yes. Does this come with a ticket for my nearest time machine? :P</p>



<a name="164919299"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164919299" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164919299">(May 05 2019 at 13:23)</a>:</h4>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span> <span class="user-mention" data-user-id="126931">@centril</span> what did you have in mind in terms of timing and where this would end up being posted? When I look at my Rust folder I already feel like I made too many commitments, so I am a bit hesitant right now to add new ones^^. But also this is a topic I'd very much like to help "get right".</p>



<a name="164919404"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164919404" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164919404">(May 05 2019 at 13:26)</a>:</h4>
<blockquote>
<p>Does this come with a ticket for my nearest time machine? :P</p>
</blockquote>
<p>Sorry; we are all out of those. :P</p>
<blockquote>
<p>what did you have in mind in terms of timing and where this would end up being posted?</p>
</blockquote>
<p>Close to the 1.36 release would be good so we can link to it in <a href="http://blog.rust-lang.org" target="_blank" title="http://blog.rust-lang.org">blog.rust-lang.org</a><br>
I was thinking you can post it in your own blog but maybe Niko thought something else.</p>



<a name="164999850"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/164999850" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#164999850">(May 06 2019 at 17:12)</a>:</h4>
<p>If writing the post is too much work, <span class="user-mention" data-user-id="120791">@RalfJ</span>, helping to edit it might be another option</p>



<a name="165788004"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165788004" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165788004">(May 16 2019 at 07:57)</a>:</h4>
<p>I wonder what the post should say about <code>MaybeUninit</code> and structs...</p>



<a name="165837200"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165837200" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165837200">(May 16 2019 at 18:43)</a>:</h4>
<p>Is there anything to say about MaybeUninit other than: mem::uninitialized doesn't really work because types can have validity constraints, and uninit basically says "please assume any constraints are violated". So here's a type-level solution so that the compiler can understand what you're trying to do and not apply those assumptions?</p>



<a name="165837320"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165837320" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165837320">(May 16 2019 at 18:44)</a>:</h4>
<p>I am kinda bored, so if that's right, I am willing to do the writeup</p>



<a name="165837355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165837355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165837355">(May 16 2019 at 18:45)</a>:</h4>
<p>(Might also mention that undef/poison is a disaster in LLVM, so avoiding that as much as possible is also For The Best)</p>



<a name="165837393"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165837393" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165837393">(May 16 2019 at 18:45)</a>:</h4>
<p>(Although does MaybeUninit still just lower to undef..?)</p>



<a name="165839297"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165839297" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165839297">(May 16 2019 at 19:04)</a>:</h4>
<p>yeah that's basically it</p>



<a name="165839319"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165839319" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165839319">(May 16 2019 at 19:04)</a>:</h4>
<p>it lowers to cosntructing a union by initializing a zero-sized field</p>



<a name="165839338"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165839338" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165839338">(May 16 2019 at 19:04)</a>:</h4>
<p>so, its effectively <code>undef</code></p>



<a name="165840815"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165840815" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165840815">(May 16 2019 at 19:23)</a>:</h4>
<p>is it <em>not</em> undef in any particular way?</p>



<a name="165844585"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165844585" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165844585">(May 16 2019 at 20:07)</a>:</h4>
<p>only in the way how we codegen (the <code>uninit</code> intrinsic is not involved)</p>



<a name="165859148"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165859148" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165859148">(May 16 2019 at 23:40)</a>:</h4>
<p>Drafted the post up. Do Not Distribute: <a href="https://gankro.github.io/blah/initialize-me-maybe/" target="_blank" title="https://gankro.github.io/blah/initialize-me-maybe/">https://gankro.github.io/blah/initialize-me-maybe/</a></p>



<a name="165860128"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860128" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860128">(May 17 2019 at 00:00)</a>:</h4>
<blockquote>
<p>// statically uninit, init it</p>
</blockquote>
<p>I prefer to expand the initialisms here (+ consequence changes in the whole text)</p>



<a name="165860263"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860263" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860263">(May 17 2019 at 00:03)</a>:</h4>
<p>I didn't want the lines to get long, and also it gets super repetitive</p>



<a name="165860274"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860274" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860274">(May 17 2019 at 00:03)</a>:</h4>
<blockquote>
<p>rust has the Option type (or any enum, really):</p>
</blockquote>
<p>You sometimes capitalize Rust and sometimes not... pick one :P</p>
<p>Also, <code>Option&lt;T&gt;</code>  is the type, <code>Option</code> isn't a type.</p>



<a name="165860285"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860285" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860285">(May 17 2019 at 00:03)</a>:</h4>
<blockquote>
<p>and also very poorly specified.</p>
</blockquote>
<p>s/very//g</p>



<a name="165860608"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860608" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860608">(May 17 2019 at 00:09)</a>:</h4>
<p>s/can't/cannot/g</p>



<a name="165860674"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860674" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860674">(May 17 2019 at 00:10)</a>:</h4>
<p>disagreed on "can't" and "Option"</p>



<a name="165860696"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165860696" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165860696">(May 17 2019 at 00:11)</a>:</h4>
<p><a href="https://github.com/rust-lang/rfcs/blob/master/text/1574-more-api-documentation-conventions.md#referring-to-types" target="_blank" title="https://github.com/rust-lang/rfcs/blob/master/text/1574-more-api-documentation-conventions.md#referring-to-types">https://github.com/rust-lang/rfcs/blob/master/text/1574-more-api-documentation-conventions.md#referring-to-types</a></p>



<a name="165861948"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165861948" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165861948">(May 17 2019 at 00:36)</a>:</h4>
<blockquote>
<p>What Is MaybeUninit?</p>
</blockquote>
<p>I don't think you link to the type in the standard library anywhere in the post, would be good to do so</p>



<a name="165889648"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165889648" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165889648">(May 17 2019 at 10:48)</a>:</h4>
<p><span class="user-mention" data-user-id="137587">@Gankro</span> I don't have much time, but the general impression is that the post is too long</p>



<a name="165889771"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165889771" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165889771">(May 17 2019 at 10:50)</a>:</h4>
<p>We should just explain "What's uninitialized memory?" "Why is that useful for Rust? (optimizations)" "Why is that useful for users? (optimizations)" "Why is it dangerous?" (user optimization with bug gets ""misoptimized"") "Why is mem::uninitialized deprecated?" (makes it almost impossible to write code that doesn't get misoptimized), "What is MaybeUninit and how does it improve on mem::uninitialized failures?"</p>



<a name="165889789"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165889789" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165889789">(May 17 2019 at 10:51)</a>:</h4>
<p>I don't really think we have to cover the heap to explain any of that</p>



<a name="165889843"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165889843" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165889843">(May 17 2019 at 10:52)</a>:</h4>
<p>A more comprehensive blog post covering everything there is to know about uninitialized memory might want to do that (although that might belong in the nomicon), but the blog post that accompanies the release should be short and to the point, such that hopefully most people read it.</p>



<a name="165910099"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165910099" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165910099">(May 17 2019 at 15:32)</a>:</h4>
<p>I could definitely see removing the "working with safe uninit memory" section, but everything else seems relevant and fairly brief</p>



<a name="165919343"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919343" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919343">(May 17 2019 at 17:26)</a>:</h4>
<blockquote>
<p>So as a conservative model it's reasonable to just declare that it is Undefined Behaviour to read uninitialized memory. Full stop.</p>
</blockquote>
<p>Uh, I am not sure if I agree. <code>memcpy</code> of uninitialized memory is generally considered okay. In fact, given that padding is uninitialized, this occurs in safe Rust.</p>



<a name="165919380"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919380" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919380">(May 17 2019 at 17:27)</a>:</h4>
<p>Also, I feel the first section doesnt go far enough in saying <em>how exotic</em> uninit memory is -- namely, that it is unstable and can change when you look at it multiple times</p>



<a name="165919406"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919406" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919406">(May 17 2019 at 17:27)</a>:</h4>
<p>so even <code>x == x</code> (for <code>x: i32</code>) can legimiately be made <code>false</code> by the compiler</p>



<a name="165919441"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919441" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919441">(May 17 2019 at 17:27)</a>:</h4>
<p>so IMO one should really think of bits as having 3 possible states (0, 1, U). I feel that's easier to explain than the "magic substance"^^</p>



<a name="165919727"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919727" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919727">(May 17 2019 at 17:30)</a>:</h4>
<p>Also I tend to agree about the length -- I think the "safe working with uninit memory" can be shortened, and I am not sure if a survey of all sources of uninit memory in Rust is the best approach here. My thinking was that the post would explain mem::uninit (that can come nicely after the safe section, basically as a way to "trick" the "overly strict" static checks described in the safe section), and how its wrong, and then how MaybeUninit saves the day</p>



<a name="165919737"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165919737" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165919737">(May 17 2019 at 17:31)</a>:</h4>
<p>the fact that it is a union shouldnt matter</p>



<a name="165920518"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920518" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920518">(May 17 2019 at 17:40)</a>:</h4>
<p>I wasn't sure if the "can change value" thing was a concensus semantic (or if that was undef vs poison)</p>



<a name="165920536"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920536" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920536">(May 17 2019 at 17:41)</a>:</h4>
<p>but that's a good point on memcopying</p>



<a name="165920570"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920570" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920570">(May 17 2019 at 17:41)</a>:</h4>
<p>also idk, in my mind it's very interesting that it's just "yo use a union" and not like "ah we made this brilliant new thing that's magic"</p>



<a name="165920711"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920711" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920711">(May 17 2019 at 17:43)</a>:</h4>
<blockquote>
<p>I wasn't sure if the "can change value" thing was a concensus semantic (or if that was undef vs poison)</p>
</blockquote>
<p>undef has it and poison makes it not observable</p>



<a name="165920718"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920718" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920718">(May 17 2019 at 17:43)</a>:</h4>
<p>so yes I'd say it is pretty much consesus</p>



<a name="165920816"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920816" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920816">(May 17 2019 at 17:44)</a>:</h4>
<p>I mean this is but one way to explain the three-valued-bit thing</p>



<a name="165920839"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920839" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920839">(May 17 2019 at 17:45)</a>:</h4>
<p>the other is to just say "it is special and not like any initialized memory, hence -&gt; bits have three states"</p>



<a name="165920937"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920937" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920937">(May 17 2019 at 17:46)</a>:</h4>
<blockquote>
<p>also idk, in my mind it's very interesting that it's just "yo use a union" and not like "ah we made this brilliant new thing that's magic"</p>
</blockquote>
<p>it <em>is</em> interesting, but I think when using MaybeUninit one should generally treat it as an opaque abstraction, and hence it should be possible to explain it as such</p>



<a name="165920973"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165920973" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165920973">(May 17 2019 at 17:46)</a>:</h4>
<p>also re: the post structure, that was just what I had in mind. maybe other structures work better. I guess I am curious why you chose yours :)</p>



<a name="165921202"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921202" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921202">(May 17 2019 at 17:49)</a>:</h4>
<p>I just wrote it from the perspective of "how do I explain this to someone who has never heard of any of this"</p>



<a name="165921402"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921402" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921402">(May 17 2019 at 17:51)</a>:</h4>
<p>I guess also your goal was different -- my goal would have been to explain "just" mem::uninit vs MaybeUninit</p>



<a name="165921410"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921410" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921410">(May 17 2019 at 17:51)</a>:</h4>
<p>How do you feel about "So as a conservative model it's reasonable to just declare that if you do anything with uninitialized memory <em>other</em> than just copying it around, <strong>it is Undefined Behaviour</strong>. Full stop."</p>



<a name="165921422"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921422" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921422">(May 17 2019 at 17:51)</a>:</h4>
<p>I agree factually :)</p>



<a name="165921519"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921519" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921519">(May 17 2019 at 17:52)</a>:</h4>
<p>I still think this is a good opportunity to instill the idea in people that uninit is not "magic" and not "random bits" but just that bits can be more than 0 and 1. People need to free themselves from the bounds of the hardware that constraints their imagination in terms of what the abstract machine they are <em>really</em> programming looks like :D</p>



<a name="165921609"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921609" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921609">(May 17 2019 at 17:53)</a>:</h4>
<p>I'm not convinced that nature of uninitialized memory is as well-defined as you claim</p>



<a name="165921948"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921948" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921948">(May 17 2019 at 17:57)</a>:</h4>
<p>this is our language, we can define it :D</p>



<a name="165921976"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921976" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921976">(May 17 2019 at 17:57)</a>:</h4>
<p>and this is basically the poison model</p>



<a name="165921989"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165921989" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165921989">(May 17 2019 at 17:57)</a>:</h4>
<p>which is the most reasonable model out there (and you linked to the paper showing that)</p>



<a name="165922073"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922073" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922073">(May 17 2019 at 17:58)</a>:</h4>
<p>so while there may be changes in the fine print, I think it is more useful to teach <em>a</em> concrete model (even if it is preliminary) than to wobble around with nothing concrete to say or point at</p>



<a name="165922239"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922239" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922239">(May 17 2019 at 18:00)</a>:</h4>
<p>I second this. "Bits can be more than 0 or 1" seems a fairly useful intuition to instill in people. There's a lot of decisions to be made about whether it's actually per-bit or more coarse, how it propagates exactly, etc. but the general idea seems like it can be stretched to cover practically any plausible semantics. It's only completely misleading for a model where uninitialized memory is really just a non-deterministic string of 1s and 0s but I see no way we'll actually end up with that.</p>



<a name="165922584"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922584" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922584">(May 17 2019 at 18:04)</a>:</h4>
<p>also, this helps when eventually we have to teach people that pointers are more than an integer (because pointers got provenance). if they already gave up the idea that Rust's memory equals hardware memory, that will be an easier sell. ;)</p>



<a name="165922618"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922618" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922618">(May 17 2019 at 18:05)</a>:</h4>
<p>shameless plug: <a href="https://www.ralfj.de/blog/2018/07/24/pointers-and-bytes.html" target="_blank" title="https://www.ralfj.de/blog/2018/07/24/pointers-and-bytes.html">https://www.ralfj.de/blog/2018/07/24/pointers-and-bytes.html</a></p>



<a name="165922713"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922713" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922713">(May 17 2019 at 18:06)</a>:</h4>
<blockquote>
<p>There's a lot of decisions to be made about whether it's actually per-bit or more coarse, how it propagates exactly, etc</p>
</blockquote>
<p>yeah, that's the part I meant by "fine print"</p>



<a name="165922946"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165922946" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165922946">(May 17 2019 at 18:09)</a>:</h4>
<p>The thing is, we're slaves to our compiler backends, so as long as uninit memory becomes llvm undef, we have to cope with that mess</p>



<a name="165923033"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165923033" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165923033">(May 17 2019 at 18:10)</a>:</h4>
<p>compiling from this bitwise-poison model to undef is sound</p>



<a name="165923100"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165923100" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165923100">(May 17 2019 at 18:11)</a>:</h4>
<p>(we have to make the right choices for how operators propagate poison, but it can be done)</p>



<a name="165923189"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165923189" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165923189">(May 17 2019 at 18:12)</a>:</h4>
<p>basically, a bitstring like <code>0UU1</code> maps to the set of LLVM values such that the non-U parts of the bitstring are the same</p>



<a name="165923195"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165923195" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165923195">(May 17 2019 at 18:12)</a>:</h4>
<p>so <code>UUUUUUUU</code> = <code>undef</code> (at i8)</p>



<a name="165923238"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165923238" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165923238">(May 17 2019 at 18:13)</a>:</h4>
<p>and then we say that <code>UUUUUUUU * 00000000 = UUUUUUUU</code>, while LLVM says the result is <code>00000000</code>, but that's okay because we are less defined (so in the worst case, a program that has UB in Rust will not have UB in LLVM)</p>



<a name="165924273"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165924273" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165924273">(May 17 2019 at 18:24)</a>:</h4>
<p>ok I update the section definiing uninit memory, and also removed the safe use section (replaced with links to the nomicon and option): <a href="https://gankro.github.io/blah/initialize-me-maybe/" target="_blank" title="https://gankro.github.io/blah/initialize-me-maybe/">https://gankro.github.io/blah/initialize-me-maybe/</a></p>



<a name="165924322"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165924322" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165924322">(May 17 2019 at 18:25)</a>:</h4>
<p>Considering there's a "skip to the good parts" link, I think this is a pretty reasonable structure</p>



<a name="165924362"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165924362" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165924362">(May 17 2019 at 18:25)</a>:</h4>
<p>(most of the vertical height is code examples)</p>



<a name="165925097"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925097" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925097">(May 17 2019 at 18:33)</a>:</h4>
<p>does your template supports subsections? looks like the "three kind of uninit" should be subsections of the "unsafe" section</p>



<a name="165925163"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925163" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925163">(May 17 2019 at 18:34)</a>:</h4>
<p>not having clicked the "skip to the good parts" link, I thought these were all top-level, so I didnt really see anything stand out as I went to the "good parts"</p>



<a name="165925185"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925185" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925185">(May 17 2019 at 18:34)</a>:</h4>
<p>also, seems odd to have "Finally, we come to the focus of this post." in the "skip this" part?</p>



<a name="165925272"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925272" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925272">(May 17 2019 at 18:35)</a>:</h4>
<p>hm. your wording is dancing the edge to make it sound like an uninit <code>i32</code> would be okay because it has no extra invariant...</p>



<a name="165925294"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925294" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925294">(May 17 2019 at 18:35)</a>:</h4>
<p>and it may well be but we dont want to commit to that yet^^</p>



<a name="165925398"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165925398" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165925398">(May 17 2019 at 18:37)</a>:</h4>
<p>also, if you want to add another example, "out pointers" are a nice one</p>



<a name="165928746"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/165928746" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#165928746">(May 17 2019 at 19:16)</a>:</h4>
<p>They are subsections in the markup, I just make h1/h2 look the same atm</p>



<a name="166175817"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166175817" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166175817">(May 21 2019 at 14:10)</a>:</h4>
<p>is this good to go?</p>



<a name="166176055"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166176055" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166176055">(May 21 2019 at 14:12)</a>:</h4>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span> ^</p>



<a name="166178511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166178511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166178511">(May 21 2019 at 14:39)</a>:</h4>
<p>I left some comments here that you didn't reply to, such as</p>
<blockquote>
<p>seems odd to have "Finally, we come to the focus of this post." in the "skip this" part?</p>
</blockquote>



<a name="166178618"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166178618" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166178618">(May 21 2019 at 14:40)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> made a tweek to "what went wrong" that should hopefully satisfy the concern you had with that: <a href="/user_uploads/4715/m_wSRewrTJBR0R21t3jUtDIY/Screen-Shot-2019-05-21-at-10.39.27-AM.png" target="_blank" title="Screen-Shot-2019-05-21-at-10.39.27-AM.png">Screen-Shot-2019-05-21-at-10.39.27-AM.png</a></p>
<div class="message_inline_image"><a href="/user_uploads/4715/m_wSRewrTJBR0R21t3jUtDIY/Screen-Shot-2019-05-21-at-10.39.27-AM.png" target="_blank" title="Screen-Shot-2019-05-21-at-10.39.27-AM.png"><img src="/user_uploads/4715/m_wSRewrTJBR0R21t3jUtDIY/Screen-Shot-2019-05-21-at-10.39.27-AM.png"></a></div>



<a name="166178657"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166178657" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166178657">(May 21 2019 at 14:40)</a>:</h4>
<p>(looking at skip this now...)</p>



<a name="166179048"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166179048" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166179048">(May 21 2019 at 14:44)</a>:</h4>
<p>ok yeah made it link to the previous subsection. It's short enough and easy to skip forward from if people feel familiar with the type.</p>



<a name="166180616"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166180616" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166180616">(May 21 2019 at 15:02)</a>:</h4>
<p>what about?</p>
<blockquote>
<p>your wording is dancing the edge to make it sound like an uninit i32 would be okay because it has no extra invariant...</p>
</blockquote>



<a name="166181134"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166181134" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166181134">(May 21 2019 at 15:08)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> is that not addressed by the screenshot i just posted?</p>



<a name="166181786"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166181786" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166181786">(May 21 2019 at 15:15)</a>:</h4>
<p>oh, sorry, missed that <em>oops</em></p>



<a name="166184890"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166184890" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166184890">(May 21 2019 at 15:50)</a>:</h4>
<p>so should I post this..?</p>



<a name="166196937"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166196937" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166196937">(May 21 2019 at 18:04)</a>:</h4>
<p><em>squirms impatiently</em></p>



<a name="166197782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166197782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166197782">(May 21 2019 at 18:13)</a>:</h4>
<p>I'm gonna post this at 3pm EST (in 40 mins) unless someone objects, because people are already discussing the change</p>



<a name="166197939"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166197939" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166197939">(May 21 2019 at 18:14)</a>:</h4>
<p>the release is happening in 6 weeks, why the urge?^^</p>



<a name="166197958"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166197958" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166197958">(May 21 2019 at 18:15)</a>:</h4>
<p>people were discussing this for months</p>



<a name="166197993"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166197993" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166197993">(May 21 2019 at 18:15)</a>:</h4>
<p>but also, you addressedd all the comments I can remember, so I wont object ;)</p>



<a name="166198013"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198013" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198013">(May 21 2019 at 18:16)</a>:</h4>
<p>Because people using nightly will start seeing this, and they need a clear explanation</p>



<a name="166198115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198115">(May 21 2019 at 18:16)</a>:</h4>
<blockquote>
<p>For the compiler people out there, mem::uninitialized simply lowers to llvm's undef.</p>
</blockquote>
<p>might be worth relating this to the "uninitailized" state of the three-state boolean you mention earlier in the post?</p>



<a name="166198140"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198140" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198140">(May 21 2019 at 18:17)</a>:</h4>
<p>they wont see a deprecation warning unless they specifically opt-on via <code>warn(deprecated_in_future)</code> if that's what you mean</p>



<a name="166198244"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198244" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198244">(May 21 2019 at 18:18)</a>:</h4>
<p>oh! didn't know that was a thing</p>



<a name="166198336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198336">(May 21 2019 at 18:19)</a>:</h4>
<blockquote>
<p>I wasn't 100% sure if I could claim that arr[i] = x doesn't create a reference,</p>
</blockquote>
<p>this is a MIR primitive, so you can be sure. but the moment <code>Deref</code> or <code>Index</code> are involved you are hosed...</p>



<a name="166198463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198463">(May 21 2019 at 18:20)</a>:</h4>
<blockquote>
<p>And to be absolutely clear, it's not obvious to the Unsafe Code Guidelines team that mem::uninitialized is usable even for always-valid types like u32. </p>
</blockquote>
<p>again might be worth saying that this is because of the three-state boolean (so u32 isn't really always-valid, it's just always-valid for 0s and 1s)</p>



<a name="166198594"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198594" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198594">(May 21 2019 at 18:21)</a>:</h4>
<p>other than that, looks great :)</p>



<a name="166198602"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198602" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198602">(May 21 2019 at 18:21)</a>:</h4>
<blockquote>
<p>this is a MIR primitive, so you can be sure. but the moment <code>Deref</code> or <code>Index</code> are involved you are hosed...</p>
</blockquote>
<p>I don't think we want to guarantee such MIR details to users right now. More conservative to pretend it goes through the (actually existing) <code>impl Index&lt;usize&gt; for [T]</code>.</p>



<a name="166198614"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198614" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198614">(May 21 2019 at 18:21)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> does both slices and arrays have the "builtin" impl?</p>



<a name="166198887"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198887" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198887">(May 21 2019 at 18:24)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> fair</p>



<a name="166198895"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198895" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198895">(May 21 2019 at 18:24)</a>:</h4>
<p><span class="user-mention" data-user-id="137587">@Gankro</span> looks like it: <a href="https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=c2a206fa78dcd76fdee9d5776877b7d1" target="_blank" title="https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=c2a206fa78dcd76fdee9d5776877b7d1">https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=c2a206fa78dcd76fdee9d5776877b7d1</a></p>



<a name="166198933"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198933" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198933">(May 21 2019 at 18:25)</a>:</h4>
<p>neat</p>



<a name="166198946"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166198946" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166198946">(May 21 2019 at 18:25)</a>:</h4>
<p>but yeah I agree it's too subtle to declare atm</p>



<a name="166199106"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199106" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199106">(May 21 2019 at 18:26)</a>:</h4>
<p>it's sad that we lose the bounds check that way though</p>



<a name="166199139"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199139" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199139">(May 21 2019 at 18:27)</a>:</h4>
<p>I mean, we totally will one day rely on <code>(*x).field</code> not going through any <code>Deref</code></p>



<a name="166199148"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199148" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199148">(May 21 2019 at 18:27)</a>:</h4>
<p>not sure why <code>(*x)[i]</code> should be different, then</p>



<a name="166199243"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199243" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199243">(May 21 2019 at 18:28)</a>:</h4>
<p>Field access can't be overloaded, indexing can, so treating <code>(*x)[i]</code> differently depending on the type of <code>x</code> means there's some inconsistency</p>



<a name="166199287"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199287" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199287">(May 21 2019 at 18:29)</a>:</h4>
<p>But to be clear, I could totally see us guaranteeing it, just... not now</p>



<a name="166199494"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199494" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199494">(May 21 2019 at 18:31)</a>:</h4>
<p>I would be scared to rely on it just because if I see x[i] i don't know if that's like an array or slice or vec, and if it's vec, is the indexing impl on vec or the slice and it's doing autoderef andddddd aaaaaaaaa</p>



<a name="166199540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166199540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166199540">(May 21 2019 at 18:31)</a>:</h4>
<p>but my good friend ptr.add(i).write(val) will never do me wrong</p>



<a name="166203140"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166203140" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166203140">(May 21 2019 at 19:12)</a>:</h4>
<p>posted: <a href="https://twitter.com/Gankro/status/1130914262631821312" target="_blank" title="https://twitter.com/Gankro/status/1130914262631821312">https://twitter.com/Gankro/status/1130914262631821312</a></p>
<div class="inline-preview-twitter"><div class="twitter-tweet"><a href="https://twitter.com/Gankro/status/1130914262631821312" target="_blank"><img class="twitter-avatar" src="https://pbs.twimg.com/profile_images/990027762143379456/yizf_HW8_normal.jpg"></a><p><span aria-label="music" class="emoji emoji-1f3b5" role="img" title="music">:music:</span> Hey, I just alloc'd you
<span aria-label="music" class="emoji emoji-1f3b5" role="img" title="music">:music:</span> and this is UB
<span aria-label="music" class="emoji emoji-1f3b5" role="img" title="music">:music:</span> But here's my type
<span aria-label="music" class="emoji emoji-1f3b5" role="img" title="music">:music:</span> so initialize me maybe

mem::uninitialized IS BROKEN AND DEPRECATED

<a href="https://t.co/9kcLkRJ1AZ" target="_blank" title="https://t.co/9kcLkRJ1AZ">https://gankro.github.io/blah/initialize-me-maybe/</a></p><span>- Alexis Beingessner (@Gankro)</span></div></div>



<a name="166203828"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166203828" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166203828">(May 21 2019 at 19:21)</a>:</h4>
<p><span aria-label="musical notes" class="emoji emoji-1f3b6" role="img" title="musical notes">:musical_notes:</span></p>



<a name="166753921"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166753921" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166753921">(May 28 2019 at 20:01)</a>:</h4>
<p><span class="user-mention" data-user-id="137587">@Gankro</span> sorry, was traveling, but it seems like there was a lot of discussion here! thanks for working on that!</p>



<a name="166765872"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog%20post%20about%20%60MaybeUninit%60/near/166765872" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gankra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/blog.20post.20about.20.60MaybeUninit.60.html#166765872">(May 28 2019 at 22:29)</a>:</h4>
<p>if i have time I'm going to write a followup comparing the C++/Rust models here a bit more, because a lot of people got caught up on "well C++ can do this", because I didn't really drill into the buckwild things mem::uninitialized vaguely implies you can do.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>